In The Current Issue:– Model railway company Hornby takes classic hobby brands into digital age– Banker’s startup experience feathers the nest for Starling Bank– Should businesses upgrade to Windows 10?
Download Current Issue

A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker use a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts.

The hacker, known as “TheHell”, created a video to market the exploit on an underground cyber crime market called Darkode.

According to the video, attackers would have to lure a victim into clicking a malicious link to launch the exploit code that records the user’s cookies or small files containing user details, session tokens or other sensitive information retained by the browser and used with that site.

The hacker claims that the exploit works on all browsers and does not require an attacker to bypass IE or Chrome XSS filters, adding: “Will sell only to trusted people cuz I don't want it to be patched soon!"

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy